Skip to main content

Dvr2108Hc

5 CVEs product

Monthly

CVE-2013-5754 CRITICAL Act Now

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2013-3615 HIGH POC This Week

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
8.6%
CVE-2013-3613 HIGH POC THREAT Act Now

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
12.0%
CVE-2013-3614 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
10.8%
CVE-2013-3612 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
12.1%
EPSS 2% CVSS 10.0
CRITICAL Act Now

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dahua Dvr0404Hd A +64
NVD
EPSS 9% CVSS 7.8
HIGH POC This Week

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dahua Authentication Bypass Dvr0404Hd A +64
NVD Exploit-DB
EPSS 12% CVSS 7.8
HIGH POC THREAT Act Now

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

Dahua Authentication Bypass Dvr0404Hd A +64
NVD Exploit-DB
EPSS 11% CVSS 9.3
CRITICAL POC THREAT Emergency

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

Privilege Escalation Dahua Dvr0404Hd A +64
NVD Exploit-DB
EPSS 12% CVSS 10.0
CRITICAL POC THREAT Emergency

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Dahua Authentication Bypass Dvr0404Hd A +64
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy